Field of the Invention
The invention relates to a method and a configuration for loading data.
Data processing systems, such as personal computers for example, usually become fully functional only after an operating system has been loaded. Even without an operating system, the data processing systems require a basic functionality that enables elementary operations to be executed. Examples of such elementary operations are routines for the inputting of characters via a keyboard and the outputting thereof on the screen and the printer, a routine for the loading of the operating system into the main memory, and also test routines for a self-test that runs automatically when the data processing system is switched on. These operations are also referred to as basic system routines. The data required for executing these system routines are stored permanently in a non-volatile memory module in a data processing system, for example PROM, EPROM, FLASH, etc. Another term used in this context is basic input output system (BIOS).
The document c't 1997, Issue 2, pages 106-110, has already disclosed calling suitable driver and application programs during the loading of BIOS data.
Since the basic system routines significantly influence the method of operation of the data processing system, it is sometimes necessary to use a revised version of the basic system routines in the data processing system. This can be done by exchanging the memory module PROM. If, instead of a non-overwritable PROM, an overwritable memory module, for example EEPROM, or a FLASH module is present in the data processing system, then the basic system routines can be loaded into the memory module.
In order to transfer the data for the new basic system routines, special programs are used which cooperate with conventional operating systems (i.e. Microsoft DOS). During the loading of the customary operating systems, a copy of the data from the non-volatile memory for basic system routines is stored in the main memory of the data processing system. If a functionality defined in the basic system routines is required, recourse is had to this copy in the main memory. However, the co-operation with the copy of the basic system routines results in disadvantages in respect of security, since the copied data can be altered in a comparatively simple manner by circumventing the write protection. Therefore, recent operating systems (IBM OS/2, Microsoft Windows 95 and Microsoft Windows NT) strive for executability that is possible without recourse to a copy of the basic system routines in the main memory of the data processing system.
On account of such security considerations, the recent operating systems do not support the loading of a new version of the basic system routines into the non-volatile memory module. Only programs of an application layer of the operating system are available to the user. The user has no access to programs in a kernel layer of the operating system for which access to functional elements of the data processing system which are essential to security is allowed. Therefore, the data processing system always has to be rebooted, that is to say restarted, for the loading of a new version for basic system routines. This restart must then be performed by use of another operating system, which supports at least the loading of the new version of the basic system routines. If such an operating system is loaded, security mechanisms of the operating system that is actually provided for the operation of the data processing system cannot take effect. As a result, it becomes possible to access other data stored within the data processing system. Moreover, these data can be altered in an impermissible manner by so-called viruses in such a way that functional disturbances may occur during later regular operation.
It is accordingly an object of the invention to provide a method and a configuration for loading data for basic system routines of a data processing system that overcome the above-mentioned disadvantages of the prior art methods and devices of this general type, and that largely preclude security risks during the loading of the data.
With the foregoing and other objects in view there is provided, in accordance with the invention, a data loading method, which includes:
calling an application program stored in an application layer, the application program initiating a loading of information with regard to hardware components from a file containing new data for basic system routines into a main memory of a data processing system;
checking if a respective user has authorization in an event that the application program is called;
calling a driver program in a kernel layer by the application program, the driver program being prompted to read and transfer information regarding the hardware components stored in a non-volatile memory;
transferring the new data for the basic system routines and information for controlling a loading operation of the new data for the basic system routines into the non-volatile memory from the application program to the driver program; and
writing the new data for the basic system routines to the non-volatile memory; in this manner, the new data for the basic system routines can be written into the non-volatile memory by the driver program from the kernel layer without a corresponding access from the application layer.
By virtue of the use of two different programs, the application program and the driver program, which can be called and are executable in the application layer and in the kernel layer, respectively, the data processing system can be operated unchanged with its intended operating system, which is protected against manipulation, during the loading operation. Impermissible circumventing of the security techniques of the operating system is thus precluded. Unauthorized overwriting of the basic system routines is thus effectively prevented. Authorization for calling the application program can be assigned for example to those users who also have administrator authorizations. The data processing system cannot be infected with viruses, provided that the operating system contains suitable protection mechanisms for combating them.
Only the data of the new version of the data for basic system routines have to be made available to the data processing system. These are transferred to the driver program by the application program. The driver program, which cannot be accessed from the application layer, transfers the data to the non-volatile memory.
In accordance with an added feature of the invention, there are the steps of using the application program for performing a comparison for ascertaining an association of the information with regard to the hardware components stored in the new data for the basic system routines with the information regarding the hardware components stored in the non-volatile memory, and ending operations if no correspondence is determined in the comparison.
Using a data comparison, it can be ensured that only those new system routines which the hardware components of the data processing system can actually process are loaded into the non-volatile memory of the data processing system. By way of example, it is thus ensured that the existing type of system board (motherboard) and of the memory and functional modules that are disposed on it correspond to the types of boards and modules which are demanded in the new data. It is thus ensured that the data processing system is fully functional after the loading operation of the basic system routines.
It is furthermore provided that the application program accepts so-called location information from the file with the new data for basic system routines. On the basis of this location information, the application program splits the new data into packets that are provided with corresponding location information items and transferred to the driver program. As a result of the data being transferred in portions in this way, the method of operation of the operating system and of other current application programs of the data processing system is adversely affected only to an insignificant extent. Consequently, the new data of the basic system routines can also be loaded during the regular operation of the data processing system.
In this case, the portion size can be matched to the parameters of the non-volatile memory. The smallest packet corresponds to the smallest storage unit of the non-volatile memory, and the largest packet corresponds to the volume of data that can be transferred into the non-volatile memory in the course of a loading operation. In the case of customary non-volatile memories, the smallest volume of data is 1 byte and the largest volume of data is 64 Kbytes.
The driver program is adapted to the requirements of the non-volatile memory. The non-volatile memories, in particular the FLASH memories, are generally organized in sectors, in which case specific address ranges can be written to within individual memory sectors. However, the erasure operation can only be performed for an entire sector. If we suppose that the application program supplies the information according to which the transferred data are intended for the sector i and are to be written to the address k to k+n therein, then the driver program firstly ascertains whether it has already erased the sector in a previous operation. If this is the case, then the erasure operation at the current point in time can be omitted and it is only necessary for the data to be written to the addresses k to k+n. A customary value for n is 1000, with the result that one K-byte is transferred each time the data are transferred from the application program to the driver program. Such a volume of data adversely affects the functionality of the operating system and of the other current applications only to an extremely small extent. As an alternative, the application program can also undertake the above-described functionality of the driver program, according to which it is necessary to ascertain whether a sector had already been erased in a previous operation. In this case, the driver program would merely follow the corresponding instructions of the application program.
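The packet transfer and sector-erase bookkeeping described above, as an added sketch in C that is not part of the patent text: the application side splits the new data into packets carrying location information (sector i, offset k, length n), and the driver side erases a sector only the first time it is addressed. The sector size, sector count, RAM-backed flash array and all struct and function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Assumed geometry; only the packet size n = 1000 comes from the text. */
#define SECTOR_SIZE 4096u
#define NUM_SECTORS 4u
#define PACKET_MAX  1000u

struct packet { uint32_t sector, offset, len; const uint8_t *data; }; /* i, k, n, payload */
struct flash_drv {
    uint8_t  mem[NUM_SECTORS][SECTOR_SIZE]; /* RAM stand-in for the flash module */
    uint8_t  erased[NUM_SECTORS];           /* sector already erased in this update? */
    unsigned erase_count;
};

/* Driver side: validate the location information, erase once per sector, write. */
int drv_write_packet(struct flash_drv *d, const struct packet *p)
{
    if (p->sector >= NUM_SECTORS || p->len == 0 || p->len > PACKET_MAX ||
        p->offset >= SECTOR_SIZE || p->len > SECTOR_SIZE - p->offset)
        return -1;                          /* reject writes outside the sector */
    if (!d->erased[p->sector]) {            /* erasure only works on whole sectors */
        memset(d->mem[p->sector], 0xFF, SECTOR_SIZE);
        d->erased[p->sector] = 1;
        d->erase_count++;
    }
    memcpy(&d->mem[p->sector][p->offset], p->data, p->len);
    return 0;
}

/* Application side: split the image into packets that never cross a sector
 * boundary and hand each one to the driver. Returns the packet count or -1. */
int app_load_image(struct flash_drv *d, const uint8_t *img, size_t len)
{
    int sent = 0;
    if (len > (size_t)NUM_SECTORS * SECTOR_SIZE) return -1;
    for (size_t pos = 0; pos < len; sent++) {
        struct packet p = { (uint32_t)(pos / SECTOR_SIZE),
                            (uint32_t)(pos % SECTOR_SIZE), 0, img + pos };
        size_t n = len - pos;
        if (n > PACKET_MAX) n = PACKET_MAX;
        if (n > SECTOR_SIZE - p.offset) n = SECTOR_SIZE - p.offset;
        p.len = (uint32_t)n;
        if (drv_write_packet(d, &p) != 0) return -1;
        pos += n;
    }
    return sent;
}
```

The bounds check in `drv_write_packet` matters because the location information originates in the application layer: the driver treats it as untrusted input rather than assuming the application split the data correctly.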
In accordance with a further refinement and development of the invention, the application program can be started by remote access. This functionality enables a system administrator to install new basic system routines during routine operation in a computer network in the framework of a batch run using a software distribution tool on a plurality of data processing systems. When the application program is called, only the necessary parameters such as, for example, the authorization information and the new data have to be transferred by the batch.
With the foregoing and other objects in view there is further provided, in accordance with the invention, a data loading configuration, including:
a non-volatile memory;
a file containing new data for basic system routines;
a data processing system loaded with an operating system and having a main memory connected to the file, the operating system having a kernel layer and an application layer, the application layer having an application program which can be called and initiates a loading of information with regard to hardware components from the file containing the new data for the basic system routines into the main memory, the kernel layer having a driver program which can be called by the application program and serving for reading and transferring information with regard to the hardware components stored in the non-volatile memory;
a first coupling connecting the application program to the driver program, such that it is possible to transfer the new data for the basic system routines and information for controlling a loading operation of the new data for the basic system routines into the non-volatile memory; and
a second coupling connecting the driver program to the non-volatile memory, such that the new data for the basic system routines can be written to the non-volatile memory; in this manner, the new data for the basic system routines can be written into the non-volatile memory by the driver program from the kernel layer without a corresponding access from the application layer.
Other features which are considered as characteristic for the invention are set forth in the appended claims.
Although the invention is illustrated and described herein as embodied in a method and a configuration for loading data for basic system routines of a data processing system, it is nevertheless not intended to be limited to the details shown, since various modifications and structural changes may be made therein without departing from the spirit of the invention and within the scope and range of equivalents of the claims.